admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-12 02:05:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #27 from CVEProject/master

Browse Source 
"-Synchronized-Data."
This commit is contained in:
TWCERTCC - CNA 2022-03-31 18:02:05 +08:00 committed by GitHub
commit c444c61021
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4555 changed files with 191360 additions and 11843 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

71
2003/5xxx/CVE-2003-5001.json
View File

@ -4,14 +4,79 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2003-5001",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "ISS BlackICE PC Protection Cross Site Scripting Detection privileges management",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ISS",
"product": {
"product_data": [
{
"product_name": "BlackICE PC Protection",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in ISS BlackICE PC Protection and classified as critical. Affected by this issue is the component Cross Site Scripting Detection. The manipulation as part of POST/PUT/DELETE/OPTIONS Request leads to privilege escalation. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
}
]
},
"credit": "Marc Ruef",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "5.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.104",
"refsource": "MISC",
"name": "https://vuldb.com/?id.104"
},
{
"url": "http://www.computec.ch/mruef/advisories/black_ice_pc_protection_xss_evasion.txt",
"refsource": "MISC",
"name": "http://www.computec.ch/mruef/advisories/black_ice_pc_protection_xss_evasion.txt"
},
{
"url": "http://www.cgisecurity.com/articles/xss-faq.shtml",
"refsource": "MISC",
"name": "http://www.cgisecurity.com/articles/xss-faq.shtml"
}
]
}

61
2003/5xxx/CVE-2003-5002.json
View File

@ -4,14 +4,69 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2003-5002",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "ISS BlackICE PC Protection Update cleartext transmission",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ISS",
"product": {
"product_data": [
{
"product_name": "BlackICE PC Protection",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-319 Cleartext Transmission of Sensitive Information"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in ISS BlackICE PC Protection. It has been declared as problematic. Affected by this vulnerability is the component Update Handler which allows cleartext transmission of data. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
}
]
},
"credit": "Marc Ruef",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "3.7",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.295",
"refsource": "MISC",
"name": "https://vuldb.com/?id.295"
}
]
}

61
2003/5xxx/CVE-2003-5003.json
View File

@ -4,14 +4,69 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2003-5003",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "ISS BlackICE PC Protection Update cross site scriting",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ISS",
"product": {
"product_data": [
{
"product_name": "BlackICE PC Protection",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-80 Basic Cross Site Scripting"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in ISS BlackICE PC Protection. It has been rated as problematic. Affected by this issue is the Update Handler. The manipulation with an unknown input leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
}
]
},
"credit": "Marc Ruef",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "5.0",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.296",
"refsource": "MISC",
"name": "https://vuldb.com/?id.296"
}
]
}

64
2005/10xxx/CVE-2005-10001.json
View File

@ -4,14 +4,72 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2005-10001",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "Netegrity SiteMinder Login smpwservicescgi.exe redirect",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Netegrity",
"product": {
"product_data": [
{
"product_name": "SiteMinder",
"version": {
"version_data": [
{
"version_value": "4.5.0"
},
{
"version_value": "4.5.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-601 Open Redirect"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Netegrity SiteMinder up to 4.5.1 and classified as critical. Affected by this issue is the file /siteminderagent/pwcgi/smpwservicescgi.exe of the component Login. The manipulation of the argument target leads to an open redirect. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
}
]
},
"credit": "Marc Ruef",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "5.4",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.1022",
"refsource": "MISC",
"name": "https://vuldb.com/?id.1022"
}
]
}

66
2008/10xxx/CVE-2008-10001.json
View File

@ -4,14 +4,74 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2008-10001",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "Pro2col Stingray FTS cross site scriting",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Pro2col",
"product": {
"product_data": [
{
"product_name": "Stingray FTS",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-80 Basic Cross Site Scripting"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, has been found in Pro2col Stingray FTS. The manipulation of the argument Username leads to cross site scripting. The attack may be initiated remotely. It is recommended to upgrade the affected component. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
}
]
},
"credit": "Marc Ruef",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "5.5",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L"
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.3809",
"refsource": "MISC",
"name": "https://vuldb.com/?id.3809"
},
{
"url": "http://seclists.org/bugtraq/2008/Sep/0157.html",
"refsource": "MISC",
"name": "http://seclists.org/bugtraq/2008/Sep/0157.html"
}
]
}

71
2010/10xxx/CVE-2010-10001.json
View File

@ -4,14 +4,79 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2010-10001",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "Shemes GrabIt NZB Date Parser denial of service",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Shemes",
"product": {
"product_data": [
{
"product_name": "GrabIt",
"version": {
"version_data": [
{
"version_value": "1.7.2 Beta 4"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-404 Denial of Service"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as problematic, was found in Shemes GrabIt up to 1.7.2 Beta 4. This affects the component NZB Date Parser. The manipulation of the argument date with the input 1000000000000000 as part of a NZB File leads to a denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
}
]
},
"credit": "Marc Ruef",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "5.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.4143",
"refsource": "MISC",
"name": "https://vuldb.com/?id.4143"
},
{
"url": "https://www.scip.ch/publikationen/advisories/scip_advisory-4143_shemes_grabbit_malicious_nzb_date_denial_of_service.txt",
"refsource": "MISC",
"name": "https://www.scip.ch/publikationen/advisories/scip_advisory-4143_shemes_grabbit_malicious_nzb_date_denial_of_service.txt"
},
{
"url": "http://seclists.org/bugtraq/2010/Jul/60",
"refsource": "MISC",
"name": "http://seclists.org/bugtraq/2010/Jul/60"
}
]
}

8
2013/3xxx/CVE-2013-3523.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in This HTML Is Simple (THIS) before 1.2.4 allows remote to execute arbitrary SQL commands via unspecified vectors."
"value": "SQL injection vulnerability in This HTML Is Simple (THIS) before 1.2.4 allows remote to execute arbitrary SQL commands via vectors related to op=page&id= in the URL."
}
]
},
@ -68,9 +68,9 @@
"url": "http://osvdb.org/91976"
},
{
"name": "http://gajennings.net/this/?arg=&op=page&id=2",
"refsource": "CONFIRM",
"url": "http://gajennings.net/this/?arg=&op=page&id=2"
"refsource": "XF",
"name": "this-cve20133523-sql-injection(84168)",
"url": "http://xforce.iss.net/xforce/xfdb/84168"
}
]
}

61
2015/10xxx/CVE-2015-10002.json
View File

@ -4,14 +4,69 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2015-10002",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "Kiddoware Kids Place Home Button Protection denial of service",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Kiddoware",
"product": {
"product_data": [
{
"product_name": "Kids Place",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-404 Denial of Service"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as problematic has been found in Kiddoware Kids Place. This affects the Home Button Protection. A repeated pressing of the button causes a local denial of service. It is recommended to upgrade the affected component."
}
]
},
"credit": "Noah Ruef/Marc Ruef",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "5.3",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.118359",
"refsource": "MISC",
"name": "https://vuldb.com/?id.118359"
}
]
}

5
2015/3xxx/CVE-2015-3269.json
View File

@ -91,6 +91,11 @@
"name": "1033337",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033337"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-508/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-508/"
}
]
}

48
2015/3xxx/CVE-2015-3298.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-3298",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Yubico ykneo-openpgp before 1.0.10 has a typo in which an invalid PIN can be used. When first powered up, a signature will be issued even though the PIN has not been validated."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://developers.yubico.com/ykneo-openpgp/SecurityAdvisory%202015-04-14.html",
"refsource": "MISC",
"name": "https://developers.yubico.com/ykneo-openpgp/SecurityAdvisory%202015-04-14.html"
}
]
}

5
2016/5xxx/CVE-2016-5195.json
View File

@ -646,6 +646,11 @@
"refsource": "MISC",
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1753-security-advisory-0026",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1753-security-advisory-0026"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220307 CVE-2022-0847: Linux kernel: overwriting read-only files",
"url": "http://www.openwall.com/lists/oss-security/2022/03/07/1"
}
]
}

5
2016/9xxx/CVE-2016-9427.json
View File

@ -76,6 +76,11 @@
"name": "[oss-security] 20161118 Re: CVE request: w3m - multiple vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/11/18/3"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20220330 [SECURITY] [DLA 2966-1] libgc security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00039.html"
}
]
}

66
2017/20xxx/CVE-2017-20011.json
View File

@ -4,14 +4,74 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-20011",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "WEKA INTEREST Security Scanner HTTP denial of service",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "WEKA",
"product": {
"product_data": [
{
"product_name": "INTEREST Security Scanner",
"version": {
"version_data": [
{
"version_value": "1.8"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-404 Denial of Service"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in WEKA INTEREST Security Scanner 1.8. It has been rated as problematic. This issue affects some unknown processing of the component HTTP Handler. The manipulation with an unknown input leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
}
]
},
"credit": "Marc Ruef",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "2.8",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.101969",
"refsource": "MISC",
"name": "https://vuldb.com/?id.101969"
},
{
"url": "http://www.computec.ch/news.php?item.117",
"refsource": "MISC",
"name": "http://www.computec.ch/news.php?item.117"
}
]
}

95
2017/20xxx/CVE-2017-20012.json
View File

@ -4,14 +4,103 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-20012",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "WEKA INTEREST Security Scanner Stresstest Scheme denial of service",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "WEKA",
"product": {
"product_data": [
{
"product_name": "INTEREST Security Scanner",
"version": {
"version_data": [
{
"version_value": "1.0"
},
{
"version_value": "1.1"
},
{
"version_value": "1.2"
},
{
"version_value": "1.3"
},
{
"version_value": "1.4"
},
{
"version_value": "1.5"
},
{
"version_value": "1.6"
},
{
"version_value": "1.7"
},
{
"version_value": "1.8"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-404 Denial of Service"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in WEKA INTEREST Security Scanner up to 1.8. Affected is Stresstest Scheme Handler which leads to a denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
}
]
},
"credit": "Marc Ruef",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "2.8",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.101969",
"refsource": "MISC",
"name": "https://vuldb.com/?id.101969"
},
{
"url": "http://www.computec.ch/news.php?item.117",
"refsource": "MISC",
"name": "http://www.computec.ch/news.php?item.117"
},
{
"url": "https://vuldb.com/?id.101970",
"refsource": "MISC",
"name": "https://vuldb.com/?id.101970"
}
]
}

95
2017/20xxx/CVE-2017-20013.json
View File

@ -4,14 +4,103 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-20013",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "WEKA INTEREST Security Scanner Stresstest Configuration denial of service",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "WEKA",
"product": {
"product_data": [
{
"product_name": "INTEREST Security Scanner",
"version": {
"version_data": [
{
"version_value": "1.0"
},
{
"version_value": "1.1"
},
{
"version_value": "1.2"
},
{
"version_value": "1.3"
},
{
"version_value": "1.4"
},
{
"version_value": "1.5"
},
{
"version_value": "1.6"
},
{
"version_value": "1.7"
},
{
"version_value": "1.8"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-404 Denial of Service"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic was found in WEKA INTEREST Security Scanner up to 1.8. Affected by this vulnerability is the Stresstest Configuration Handler. A manipulation leads to a local denial of service. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
}
]
},
"credit": "Marc Ruef",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "2.8",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.101969",
"refsource": "MISC",
"name": "https://vuldb.com/?id.101969"
},
{
"url": "http://www.computec.ch/news.php?item.117",
"refsource": "MISC",
"name": "http://www.computec.ch/news.php?item.117"
},
{
"url": "https://vuldb.com/?id.101971",
"refsource": "MISC",
"name": "https://vuldb.com/?id.101971"
}
]
}

95
2017/20xxx/CVE-2017-20014.json
View File

@ -4,14 +4,103 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-20014",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "WEKA INTEREST Security Scanner Webspider denial of service",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "WEKA",
"product": {
"product_data": [
{
"product_name": "INTEREST Security Scanner",
"version": {
"version_data": [
{
"version_value": "1.0"
},
{
"version_value": "1.1"
},
{
"version_value": "1.2"
},
{
"version_value": "1.3"
},
{
"version_value": "1.4"
},
{
"version_value": "1.5"
},
{
"version_value": "1.6"
},
{
"version_value": "1.7"
},
{
"version_value": "1.8"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-404 Denial of Service"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, has been found in WEKA INTEREST Security Scanner up to 1.8. Affected by this issue is some unknown functionality of the component Webspider. The manipulation with an unknown input leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
}
]
},
"credit": "Marc Ruef",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "2.8",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.101969",
"refsource": "MISC",
"name": "https://vuldb.com/?id.101969"
},
{
"url": "http://www.computec.ch/news.php?item.117",
"refsource": "MISC",
"name": "http://www.computec.ch/news.php?item.117"
},
{
"url": "https://vuldb.com/?id.101972",
"refsource": "MISC",
"name": "https://vuldb.com/?id.101972"
}
]
}

95
2017/20xxx/CVE-2017-20015.json
View File

@ -4,14 +4,103 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-20015",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "WEKA INTEREST Security Scanner LAN Viewer denial of service",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "WEKA",
"product": {
"product_data": [
{
"product_name": "INTEREST Security Scanner",
"version": {
"version_data": [
{
"version_value": "1.0"
},
{
"version_value": "1.1"
},
{
"version_value": "1.2"
},
{
"version_value": "1.3"
},
{
"version_value": "1.4"
},
{
"version_value": "1.5"
},
{
"version_value": "1.6"
},
{
"version_value": "1.7"
},
{
"version_value": "1.8"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-404 Denial of Service"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, was found in WEKA INTEREST Security Scanner up to 1.8. This affects an unknown part of the component LAN Viewer. The manipulation with an unknown input leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
}
]
},
"credit": "Marc Ruef",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "2.8",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.101969",
"refsource": "MISC",
"name": "https://vuldb.com/?id.101969"
},
{
"url": "http://www.computec.ch/news.php?item.117",
"refsource": "MISC",
"name": "http://www.computec.ch/news.php?item.117"
},
{
"url": "https://vuldb.com/?id.101973",
"refsource": "MISC",
"name": "https://vuldb.com/?id.101973"
}
]
}

95
2017/20xxx/CVE-2017-20016.json
View File

@ -4,14 +4,103 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-20016",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "WEKA INTEREST Security Scanner Portscan memory allocation",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "WEKA",
"product": {
"product_data": [
{
"product_name": "INTEREST Security Scanner",
"version": {
"version_data": [
{
"version_value": "1.0"
},
{
"version_value": "1.1"
},
{
"version_value": "1.2"
},
{
"version_value": "1.3"
},
{
"version_value": "1.4"
},
{
"version_value": "1.5"
},
{
"version_value": "1.6"
},
{
"version_value": "1.7"
},
{
"version_value": "1.8"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-789 Uncontrolled Memory Allocation"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in WEKA INTEREST Security Scanner up to 1.8 and classified as problematic. This vulnerability affects unknown code of the component Portscan. The manipulation with an unknown input leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
}
]
},
"credit": "Marc Ruef",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "4.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.101969",
"refsource": "MISC",
"name": "https://vuldb.com/?id.101969"
},
{
"url": "http://www.computec.ch/news.php?item.117",
"refsource": "MISC",
"name": "http://www.computec.ch/news.php?item.117"
},
{
"url": "https://vuldb.com/?id.101974",
"refsource": "MISC",
"name": "https://vuldb.com/?id.101974"
}
]
}

10
2017/5xxx/CVE-2017-5641.json
View File

@ -82,6 +82,16 @@
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03823en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03823en_us"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-507/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-507/"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-506/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-506/"
}
]
}

5
2018/10xxx/CVE-2018-10060.json
View File

@ -66,6 +66,11 @@
"name": "1040620",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040620"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20220329 [SECURITY] [DLA 2965-1] cacti security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00038.html"
}
]
}

5
2018/10xxx/CVE-2018-10061.json
View File

@ -66,6 +66,11 @@
"name": "1040620",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040620"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20220329 [SECURITY] [DLA 2965-1] cacti security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00038.html"
}
]
}

5
2018/10xxx/CVE-2018-10887.json
View File

@ -77,6 +77,11 @@
"name": "https://github.com/libgit2/libgit2/commit/3f461902dc1072acb8b7607ee65d0a0458ffac2a",
"refsource": "CONFIRM",
"url": "https://github.com/libgit2/libgit2/commit/3f461902dc1072acb8b7607ee65d0a0458ffac2a"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20220321 [SECURITY] [DLA 2936-1] libgit2 security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html"
}
]
}

5
2018/10xxx/CVE-2018-10888.json
View File

@ -72,6 +72,11 @@
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1598024",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1598024"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20220321 [SECURITY] [DLA 2936-1] libgit2 security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html"
}
]
}

5
2018/15xxx/CVE-2018-15501.json
View File

@ -86,6 +86,11 @@
"name": "https://github.com/libgit2/libgit2/commit/1f9a8510e1d2f20ed7334eeeddb92c4dd8e7c649",
"refsource": "MISC",
"url": "https://github.com/libgit2/libgit2/commit/1f9a8510e1d2f20ed7334eeeddb92c4dd8e7c649"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20220321 [SECURITY] [DLA 2936-1] libgit2 security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html"
}
]
}

5
2018/20xxx/CVE-2018-20196.json
View File

@ -66,6 +66,11 @@
"refsource": "GENTOO",
"name": "GLSA-202006-17",
"url": "https://security.gentoo.org/glsa/202006-17"
},
{
"refsource": "DEBIAN",
"name": "DSA-5109",
"url": "https://www.debian.org/security/2022/dsa-5109"
}
]
}

5
2018/20xxx/CVE-2018-20199.json
View File

@ -71,6 +71,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20211024 [SECURITY] [DLA 2792-1] faad2 security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00020.html"
},
{
"refsource": "DEBIAN",
"name": "DSA-5109",
"url": "https://www.debian.org/security/2022/dsa-5109"
}
]
}

5
2018/20xxx/CVE-2018-20360.json
View File

@ -71,6 +71,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20211024 [SECURITY] [DLA 2792-1] faad2 security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00020.html"
},
{
"refsource": "DEBIAN",
"name": "DSA-5109",
"url": "https://www.debian.org/security/2022/dsa-5109"
}
]
}

15
2018/20xxx/CVE-2018-20545.json
View File

@ -71,6 +71,21 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1144",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00033.html"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-fc6b53e7a2",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6WFGYICNTMNDNMDDUV4G2RYFB5HNJCOV/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-e3b9986722",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PC7EGOEQ5C4OD66ZUJJIIYEXBTZOCMZX/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-3d291845d8",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSBCRN6EGQJUVOSD4OEEQ6XORHEM2CUL/"
}
]
}

15
2018/20xxx/CVE-2018-20546.json
View File

@ -76,6 +76,21 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1144",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00033.html"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-fc6b53e7a2",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6WFGYICNTMNDNMDDUV4G2RYFB5HNJCOV/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-e3b9986722",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PC7EGOEQ5C4OD66ZUJJIIYEXBTZOCMZX/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-3d291845d8",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSBCRN6EGQJUVOSD4OEEQ6XORHEM2CUL/"
}
]
}

15
2018/20xxx/CVE-2018-20547.json
View File

@ -76,6 +76,21 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1144",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00033.html"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-fc6b53e7a2",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6WFGYICNTMNDNMDDUV4G2RYFB5HNJCOV/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-e3b9986722",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PC7EGOEQ5C4OD66ZUJJIIYEXBTZOCMZX/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-3d291845d8",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSBCRN6EGQJUVOSD4OEEQ6XORHEM2CUL/"
}
]
}

15
2018/20xxx/CVE-2018-20548.json
View File

@ -71,6 +71,21 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1144",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00033.html"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-fc6b53e7a2",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6WFGYICNTMNDNMDDUV4G2RYFB5HNJCOV/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-e3b9986722",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PC7EGOEQ5C4OD66ZUJJIIYEXBTZOCMZX/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-3d291845d8",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSBCRN6EGQJUVOSD4OEEQ6XORHEM2CUL/"
}
]
}

15
2018/20xxx/CVE-2018-20549.json
View File

@ -76,6 +76,21 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1144",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00033.html"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-fc6b53e7a2",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6WFGYICNTMNDNMDDUV4G2RYFB5HNJCOV/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-e3b9986722",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PC7EGOEQ5C4OD66ZUJJIIYEXBTZOCMZX/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-3d291845d8",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSBCRN6EGQJUVOSD4OEEQ6XORHEM2CUL/"
}
]
}

111
2018/25xxx/CVE-2018-25030.json
View File

@ -4,14 +4,119 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-25030",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "Mirmay Secure Private Browser / File Manager Auto Lock improper authentication",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mirmay",
"product": {
"product_data": [
{
"product_name": "Secure Private Browser ",
"version": {
"version_data": [
{
"version_value": "2.0"
},
{
"version_value": "2.1"
},
{
"version_value": "2.2"
},
{
"version_value": "2.3"
},
{
"version_value": "2.4"
},
{
"version_value": "2.5"
}
]
}
},
{
"product_name": "File Manager",
"version": {
"version_data": [
{
"version_value": "2.0"
},
{
"version_value": "2.1"
},
{
"version_value": "2.2"
},
{
"version_value": "2.3"
},
{
"version_value": "2.4"
},
{
"version_value": "2.5"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as problematic has been found in Mirmay Secure Private Browser and File Manager up to 2.5. Affected is the Auto Lock. A race condition leads to a local authentication bypass. The exploit has been disclosed to the public and may be used."
}
]
},
"credit": "Marc Ruef",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "3.3",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.106056",
"refsource": "MISC",
"name": "https://vuldb.com/?id.106056"
},
{
"url": "https://youtu.be/cd6nbos-BI0",
"refsource": "MISC",
"name": "https://youtu.be/cd6nbos-BI0"
},
{
"url": "https://www.scip.ch/en/?labs.20180201",
"refsource": "MISC",
"name": "https://www.scip.ch/en/?labs.20180201"
}
]
}

72
2018/25xxx/CVE-2018-25031.json Normal file
View File

@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-25031",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Swagger UI before 4.1.3 could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security.snyk.io/vuln/SNYK-JS-SWAGGERUI-2314885",
"refsource": "MISC",
"name": "https://security.snyk.io/vuln/SNYK-JS-SWAGGERUI-2314885"
},
{
"url": "https://github.com/swagger-api/swagger-ui/issues/4872",
"refsource": "MISC",
"name": "https://github.com/swagger-api/swagger-ui/issues/4872"
},
{
"url": "https://github.com/swagger-api/swagger-ui/releases/tag/v4.1.3",
"refsource": "MISC",
"name": "https://github.com/swagger-api/swagger-ui/releases/tag/v4.1.3"
}
]
}
}

97
2018/25xxx/CVE-2018-25032.json Normal file
View File

@ -0,0 +1,97 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-25032",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.openwall.com/lists/oss-security/2022/03/24/1",
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2022/03/24/1"
},
{
"url": "https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531",
"refsource": "MISC",
"name": "https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220325 Re: zlib memory corruption on deflate (i.e. compress)",
"url": "http://www.openwall.com/lists/oss-security/2022/03/25/2"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220326 Re: zlib memory corruption on deflate (i.e. compress)",
"url": "http://www.openwall.com/lists/oss-security/2022/03/26/1"
},
{
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2022/03/28/3",
"url": "https://www.openwall.com/lists/oss-security/2022/03/28/3"
},
{
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2022/03/28/1",
"url": "https://www.openwall.com/lists/oss-security/2022/03/28/1"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/madler/zlib/compare/v1.2.11...v1.2.12",
"url": "https://github.com/madler/zlib/compare/v1.2.11...v1.2.12"
},
{
"refsource": "MISC",
"name": "https://github.com/madler/zlib/issues/605",
"url": "https://github.com/madler/zlib/issues/605"
}
]
}
}

5
2018/8xxx/CVE-2018-8098.json
View File

@ -66,6 +66,11 @@
"name": "https://github.com/libgit2/libgit2/commit/3db1af1f370295ad5355b8f64b865a2a357bcac0",
"refsource": "CONFIRM",
"url": "https://github.com/libgit2/libgit2/commit/3db1af1f370295ad5355b8f64b865a2a357bcac0"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20220321 [SECURITY] [DLA 2936-1] libgit2 security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html"
}
]
}

5
2018/8xxx/CVE-2018-8099.json
View File

@ -61,6 +61,11 @@
"name": "https://github.com/libgit2/libgit2/commit/58a6fe94cb851f71214dbefac3f9bffee437d6fe",
"refsource": "CONFIRM",
"url": "https://github.com/libgit2/libgit2/commit/58a6fe94cb851f71214dbefac3f9bffee437d6fe"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20220321 [SECURITY] [DLA 2936-1] libgit2 security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html"
}
]
}

5
2019/11xxx/CVE-2019-11025.json
View File

@ -66,6 +66,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190416 [SECURITY] [DLA 1757-1] cacti security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00017.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20220329 [SECURITY] [DLA 2965-1] cacti security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00038.html"
}
]
}

5
2019/11xxx/CVE-2019-11184.json
View File

@ -68,6 +68,11 @@
"refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K43220413?utm_source=f5support&utm_medium=RSS",
"url": "https://support.f5.com/csp/article/K43220413?utm_source=f5support&utm_medium=RSS"
},
{
"refsource": "MISC",
"name": "https://ieeexplore.ieee.org/document/9152768",
"url": "https://ieeexplore.ieee.org/document/9152768"
}
]
},

115
2019/12xxx/CVE-2019-12266.json
View File

@ -1,18 +1,121 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-requests@bitdefender.com",
"DATE_PUBLIC": "2022-03-29T13:33:00.000Z",
"ID": "CVE-2019-12266",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Stack buffer overflow in Wyze Cam Pan v2, Cam v2 and Cam v3"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cam Pan v2",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "4.49.1.47"
}
]
}
},
{
"product_name": "Cam v2",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "4.9.8.1002"
}
]
}
},
{
"product_name": "Cam v3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "4.36.8.32"
}
]
}
}
]
},
"vendor_name": "Wyze"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Bitdefender Labs"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Stack-based Buffer Overflow vulnerability in Wyze Cam Pan v2, Cam v2, Cam v3 allows an attacker to run arbitrary code on the affected device. This issue affects: Wyze Cam Pan v2 versions prior to 4.49.1.47. Wyze Cam v2 versions prior to 4.9.8.1002. Wyze Cam v3 versions prior to 4.36.8.32."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-wyze-cam-iot-device/",
"name": "https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-wyze-cam-iot-device/"
}
]
},
"solution": [
{
"lang": "eng",
"value": "An update to the following firmware versions fixes the issue:\n\nWyze Cam Pan v2 firmware version 4.49.1.47.\nWyze Cam v2 firmware version 4.9.8.1002.\nWyze Cam v3 firmware version 4.36.8.32."
}
],
"source": {
"discovery": "EXTERNAL"
}
}

10
2019/14xxx/CVE-2019-14379.json
View File

@ -336,6 +336,16 @@
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"refsource": "CONFIRM",
"name": "https://support.apple.com/kb/HT213189",
"url": "https://support.apple.com/kb/HT213189"
},
{
"refsource": "FULLDISC",
"name": "20220314 APPLE-SA-2022-03-14-7 Xcode 13.3",
"url": "http://seclists.org/fulldisclosure/2022/Mar/23"
}
]
}

5
2019/14xxx/CVE-2019-14844.json
View File

@ -68,6 +68,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2019-dc4e1d0fb6",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/54ZYKEJZ77BXZWGF4NEVKC33ESVROEYC/"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20220325-0003/",
"url": "https://security.netapp.com/advisory/ntap-20220325-0003/"
}
]
},

5
2019/17xxx/CVE-2019-17124.json
View File

@ -56,6 +56,11 @@
"refsource": "MISC",
"name": "https://github.com/hessandrew/CVE-2019-17124",
"url": "https://github.com/hessandrew/CVE-2019-17124"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/166541/Kramer-VIAware-2.5.0719.1034-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/166541/Kramer-VIAware-2.5.0719.1034-Remote-Code-Execution.html"
}
]
}

5
2019/19xxx/CVE-2019-19242.json
View File

@ -66,6 +66,11 @@
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
}

5
2019/19xxx/CVE-2019-19244.json
View File

@ -66,6 +66,11 @@
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
}

5
2019/19xxx/CVE-2019-19317.json
View File

@ -71,6 +71,11 @@
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
}

5
2019/19xxx/CVE-2019-19603.json
View File

@ -81,6 +81,11 @@
"refsource": "MLIST",
"name": "[guacamole-issues] 20210618 [jira] [Created] (GUACAMOLE-1368) Latest docker image fails security scans.",
"url": "https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
}

5
2019/19xxx/CVE-2019-19645.json
View File

@ -76,6 +76,11 @@
"refsource": "CONFIRM",
"name": "https://www.tenable.com/security/tns-2021-14",
"url": "https://www.tenable.com/security/tns-2021-14"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
}

5
2019/19xxx/CVE-2019-19646.json
View File

@ -81,6 +81,11 @@
"refsource": "CONFIRM",
"name": "https://www.tenable.com/security/tns-2021-14",
"url": "https://www.tenable.com/security/tns-2021-14"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
}

5
2019/19xxx/CVE-2019-19880.json
View File

@ -96,6 +96,11 @@
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
}

5
2019/19xxx/CVE-2019-19923.json
View File

@ -96,6 +96,11 @@
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
}

5
2019/19xxx/CVE-2019-19924.json
View File

@ -81,6 +81,11 @@
"refsource": "MLIST",
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
}

5
2019/19xxx/CVE-2019-19925.json
View File

@ -96,6 +96,11 @@
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
}

5
2019/19xxx/CVE-2019-19926.json
View File

@ -101,6 +101,11 @@
"refsource": "UBUNTU",
"name": "USN-4298-2",
"url": "https://usn.ubuntu.com/4298-2/"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
}

5
2019/1xxx/CVE-2019-1551.json
View File

@ -184,6 +184,11 @@
"refsource": "CONFIRM",
"name": "https://www.tenable.com/security/tns-2021-10",
"url": "https://www.tenable.com/security/tns-2021-10"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20220317 [SECURITY] [DLA 2952-1] openssl security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html"
}
]
}

15
2019/25xxx/CVE-2019-25058.json
View File

@ -66,6 +66,21 @@
"url": "https://github.com/USBGuard/usbguard/pull/531",
"refsource": "MISC",
"name": "https://github.com/USBGuard/usbguard/pull/531"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-0b97f87195",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B2ET6DU4IA64M6TMQ4X3SG2L6TRPLDN6/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-668038c1da",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B3HQVTHHJFQLSWSXA7W3ZHRF72YMPI46/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-1f97de95ba",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D4QO5J5YEWVX27QXYOGL3BDRV3KXNRQI/"
}
]
}

5
2019/6xxx/CVE-2019-6956.json
View File

@ -76,6 +76,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20211024 [SECURITY] [DLA 2792-1] faad2 security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00020.html"
},
{
"refsource": "DEBIAN",
"name": "DSA-5109",
"url": "https://www.debian.org/security/2022/dsa-5109"
}
]
}

15
2019/7xxx/CVE-2019-7282.json
View File

@ -66,6 +66,21 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20211118 [SECURITY] [DLA 2822-1] netkit-rsh security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00016.html"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-dd808b5a2c",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FSEX3TKX2DBUKG4A7VJFDLSMZIBJQZ3G/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-6748ae617b",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NA24VQJATZWYV42JG2PQUW7IHIZS7UKP/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-82a6236ac7",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DU33YVEDGFDMAZPSRQTRVKSKG4FAX7QB/"
}
]
}

5
2019/9xxx/CVE-2019-9193.json
View File

@ -81,6 +81,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/152757/PostgreSQL-COPY-FROM-PROGRAM-Command-Execution.html",
"url": "http://packetstormsecurity.com/files/152757/PostgreSQL-COPY-FROM-PROGRAM-Command-Execution.html"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/166540/PostgreSQL-11.7-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/166540/PostgreSQL-11.7-Remote-Code-Execution.html"
}
]
}

12
2020/11xxx/CVE-2020-11208.json
View File

@ -11,7 +11,7 @@
"product": {
"product_data": [
{
"product_name": "",
"product_name": "Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile",
"version": {
"version_data": [
{
@ -52,16 +52,16 @@
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/",
"url": "https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/"
},
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin"
},
{
"refsource": "MISC",
"name": "https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/",
"url": "https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/"
},
{
"refsource": "MISC",
"name": "https://research.checkpoint.com/2021/pwn2own-qualcomm-dsp/",

12
2020/11xxx/CVE-2020-11209.json
View File

@ -11,7 +11,7 @@
"product": {
"product_data": [
{
"product_name": "",
"product_name": "Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile",
"version": {
"version_data": [
{
@ -52,16 +52,16 @@
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/",
"url": "https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/"
},
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin"
},
{
"refsource": "MISC",
"name": "https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/",
"url": "https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/"
},
{
"refsource": "MISC",
"name": "https://research.checkpoint.com/2021/pwn2own-qualcomm-dsp/",

5
2020/11xxx/CVE-2020-11655.json
View File

@ -116,6 +116,11 @@
"refsource": "CONFIRM",
"name": "https://www.tenable.com/security/tns-2021-14",
"url": "https://www.tenable.com/security/tns-2021-14"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
}

5
2020/11xxx/CVE-2020-11656.json
View File

@ -101,6 +101,11 @@
"refsource": "CONFIRM",
"name": "https://www.tenable.com/security/tns-2021-14",
"url": "https://www.tenable.com/security/tns-2021-14"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
}

5
2020/12xxx/CVE-2020-12278.json
View File

@ -76,6 +76,11 @@
"url": "https://github.com/libgit2/libgit2/commit/e1832eb20a7089f6383cfce474f213157f5300cb",
"refsource": "MISC",
"name": "https://github.com/libgit2/libgit2/commit/e1832eb20a7089f6383cfce474f213157f5300cb"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20220321 [SECURITY] [DLA 2936-1] libgit2 security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html"
}
]
}

5
2020/12xxx/CVE-2020-12279.json
View File

@ -71,6 +71,11 @@
"url": "https://github.com/libgit2/libgit2/commit/64c612cc3e25eff5fb02c59ef5a66ba7a14751e4",
"refsource": "MISC",
"name": "https://github.com/libgit2/libgit2/commit/64c612cc3e25eff5fb02c59ef5a66ba7a14751e4"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20220321 [SECURITY] [DLA 2936-1] libgit2 security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html"
}
]
}

10
2020/12xxx/CVE-2020-12775.json
View File

@ -82,12 +82,14 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.twcert.org.tw/tw/cp-132-5695-421a7-1.html"
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-5695-421a7-1.html",
"name": "https://www.twcert.org.tw/tw/cp-132-5695-421a7-1.html"
},
{
"refsource": "CONFIRM",
"url": "https://moica.nat.gov.tw/rac_plugin.html"
"refsource": "MISC",
"url": "https://moica.nat.gov.tw/rac_plugin.html",
"name": "https://moica.nat.gov.tw/rac_plugin.html"
}
]
},

5
2020/13xxx/CVE-2020-13230.json
View File

@ -71,6 +71,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-d50b988a2f",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICJMWSY77IIGZYR6FE6NAQZFBO42VECO/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20220329 [SECURITY] [DLA 2965-1] cacti security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00038.html"
}
]
}

5
2020/13xxx/CVE-2020-13630.json
View File

@ -151,6 +151,11 @@
"refsource": "FULLDISC",
"name": "20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1",
"url": "http://seclists.org/fulldisclosure/2020/Dec/32"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
}

5
2020/13xxx/CVE-2020-13631.json
View File

@ -151,6 +151,11 @@
"refsource": "MLIST",
"name": "[guacamole-issues] 20210618 [jira] [Created] (GUACAMOLE-1368) Latest docker image fails security scans.",
"url": "https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
}

5
2020/13xxx/CVE-2020-13632.json
View File

@ -101,6 +101,11 @@
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
}

5
2020/13xxx/CVE-2020-13871.json
View File

@ -96,6 +96,11 @@
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
}

5
2020/13xxx/CVE-2020-13938.json
View File

@ -238,6 +238,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210702-0001/",
"url": "https://security.netapp.com/advisory/ntap-20210702-0001/"
},
{
"refsource": "CONFIRM",
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10379",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10379"
}
]
},

5
2020/13xxx/CVE-2020-13945.json
View File

@ -57,6 +57,11 @@
"refsource": "CONFIRM",
"name": "https://lists.apache.org/thread.html/r792feb29964067a4108f53e8579a1e9bd1c8b5b9bc95618c814faf2f%40%3Cdev.apisix.apache.org%3E",
"url": "https://lists.apache.org/thread.html/r792feb29964067a4108f53e8579a1e9bd1c8b5b9bc95618c814faf2f%40%3Cdev.apisix.apache.org%3E"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/166228/Apache-APISIX-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/166228/Apache-APISIX-Remote-Code-Execution.html"
}
]
},

50
2020/14xxx/CVE-2020-14111.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-14111",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@xiaomi.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Xiaomi Router Router AX3600",
"version": {
"version_data": [
{
"version_value": "Xiaomi Router AX3600 version <1.1.15"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=18",
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=18"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by a lack of inspection for incoming data detection. Attackers can exploit this vulnerability to execute code."
}
]
}

50
2020/14xxx/CVE-2020-14112.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-14112",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@xiaomi.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Router AX6000",
"version": {
"version_data": [
{
"version_value": "Router AX6000 version <1.0.56"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Leak"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=34",
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=34"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Information Leak Vulnerability exists in the Xiaomi Router AX6000. The vulnerability is caused by incorrect routing configuration. Attackers can exploit this vulnerability to download part of the files in Xiaomi Router AX6000."
}
]
}

50
2020/14xxx/CVE-2020-14115.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-14115",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@xiaomi.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Xiaomi Router AX3600",
"version": {
"version_data": [
{
"version_value": "Xiaomi Router AX3600 version < 1.0.67"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=37",
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=37"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by a lack of inspection for incoming data detection. Attackers can exploit this vulnerability to execute code."
}
]
}

5
2020/15xxx/CVE-2020-15358.json
View File

@ -151,6 +151,11 @@
"refsource": "CONFIRM",
"name": "https://support.apple.com/kb/HT212147",
"url": "https://support.apple.com/kb/HT212147"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
}

50
2020/15xxx/CVE-2020-15388.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15388",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "sirt@brocade.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Brocade Fabric OS",
"version": {
"version_data": [
{
"version_value": "Brocade Fabric OS before versions Brocade Fabric OS v9.0.1a and v8.2.3a"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Limitation of a Pathname to a Restricted Directory"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1493",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1493"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the Brocade Fabric OS before Brocade Fabric OS v9.0.1a, v8.2.3, v8.2.0_CBN4, and v7.4.2h could allow an authenticated CLI user to abuse the history command to write arbitrary content to files."
}
]
}

61
2020/15xxx/CVE-2020-15591.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15591",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-15591",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "fexsrv in F*EX (aka Frams' Fast File EXchange) before fex-20160919_2 allows eval injection (for unauthenticated remote code execution)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://fex.rus.uni-stuttgart.de",
"url": "https://fex.rus.uni-stuttgart.de"
},
{
"refsource": "MISC",
"name": "https://secfault-security.com/advisories/cve2020-15591.html",
"url": "https://secfault-security.com/advisories/cve2020-15591.html"
}
]
}

66
2020/15xxx/CVE-2020-15936.json
View File

@ -4,14 +4,74 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15936",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@fortinet.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Fortinet",
"product": {
"product_data": [
{
"product_name": "Fortinet FortiOS",
"version": {
"version_data": [
{
"version_value": "FortiOS 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.11, 6.0.10, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.13, 5.6.12, 5.6.11, 5.6.10, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.1, 5.6.0"
}
]
}
}
]
}
}
]
}
},
"impact": {
"cvss": {
"attackComplexity": "High",
"attackVector": "Adjacent",
"availabilityImpact": "None",
"baseScore": 2.6,
"baseSeverity": "Low",
"confidentialityImpact": "None",
"integrityImpact": "Low",
"privilegesRequired": "High",
"scope": "Changed",
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:N/E:X/RL:X/RC:X",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper access control"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://fortiguard.com/advisory/FG-IR-20-091",
"url": "https://fortiguard.com/advisory/FG-IR-20-091"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A improper input validation in Fortinet FortiGate version 6.4.3 and below, version 6.2.5 and below, version 6.0.11 and below, version 5.6.13 and below allows attacker to disclose sensitive information via SNI Client Hello TLS packets."
}
]
}

98
2020/16xxx/CVE-2020-16232.json
View File

@ -1,18 +1,104 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-16232",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Yokogawa WideField3 Buffer Copy Without Checking Size of Input"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WideField3",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "R1.01",
"version_value": "R4.03"
}
]
}
}
]
},
"vendor_name": "Yokogawa"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Parity Dynamics reported this vulnerability to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Yokogawa WideField3 R1.01 - R4.03, a buffer overflow could be caused when a user loads a maliciously crafted project file."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-273-02",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-273-02"
},
{
"name": "https://www.yokogawa.com/library/resources/white-papers/yokogawa-security-advisory-report-list/",
"refsource": "CONFIRM",
"url": "https://www.yokogawa.com/library/resources/white-papers/yokogawa-security-advisory-report-list/"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Yokogawa has prepared revision R4.04 to address this vulnerability and recommends that users switch to this revision.\n\nFor more information about this vulnerability and the associated mitigations, please see Yokogawa\u2019s security advisory report YSAR-20-0002"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

15
2020/17xxx/CVE-2020-17456.json
View File

@ -61,6 +61,21 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/158933/Seowon-SlC-130-Router-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/158933/Seowon-SlC-130-Router-Remote-Code-Execution.html"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/166273/Seowon-SLR-120-Router-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/166273/Seowon-SLR-120-Router-Remote-Code-Execution.html"
},
{
"refsource": "MISC",
"name": "https://github.com/TAPESH-TEAM/CVE-2020-17456-Seowon-SLR-120S42G-RCE-Exploit-Unauthenticated",
"url": "https://github.com/TAPESH-TEAM/CVE-2020-17456-Seowon-SLR-120S42G-RCE-Exploit-Unauthenticated"
},
{
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/50821",
"url": "https://www.exploit-db.com/exploits/50821"
}
]
}

66
2020/18xxx/CVE-2020-18324.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-18324",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-18324",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.1 via the q parameter in the Kickstart template."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://subrion.com",
"refsource": "MISC",
"name": "http://subrion.com"
},
{
"url": "http://intelliants.com",
"refsource": "MISC",
"name": "http://intelliants.com"
},
{
"refsource": "MISC",
"name": "https://github.com/hamm0nz/CVE-2020-18324",
"url": "https://github.com/hamm0nz/CVE-2020-18324"
}
]
}

66
2020/18xxx/CVE-2020-18325.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-18325",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-18325",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Multilple Cross Site Scripting (XSS) vulnerability exists in Intelliants Subrion CMS v4.2.1 in the Configuration panel."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://subrion.com",
"refsource": "MISC",
"name": "http://subrion.com"
},
{
"url": "http://intelliants.com",
"refsource": "MISC",
"name": "http://intelliants.com"
},
{
"refsource": "MISC",
"name": "https://github.com/hamm0nz/CVE-2020-18325",
"url": "https://github.com/hamm0nz/CVE-2020-18325"
}
]
}

66
2020/18xxx/CVE-2020-18326.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-18326",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-18326",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross Site Request Forgery (CSRF) vulnerability exists in Intelliants Subrion CMS v4.2.1 via the Members administrator function, which could let a remote unauthenticated malicious user send an authorised request to victim and successfully create an arbitrary administrator user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://subrion.com",
"refsource": "MISC",
"name": "http://subrion.com"
},
{
"url": "http://intelliants.com",
"refsource": "MISC",
"name": "http://intelliants.com"
},
{
"refsource": "MISC",
"name": "https://github.com/hamm0nz/CVE-2020-18326",
"url": "https://github.com/hamm0nz/CVE-2020-18326"
}
]
}

61
2020/18xxx/CVE-2020-18327.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-18327",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-18327",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross Site Scripting (XSS) vulnerability exists in Alfresco Alfresco Community Edition v5.2.0 via the action parameter in the alfresco/s/admin/admin-nodebrowser API. Fixed in v6.2"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.cvedetails.com/vulnerability-list/vendor_id-13372/product_id-27784/opxss-1/Alfresco-Alfresco.html",
"refsource": "MISC",
"name": "https://www.cvedetails.com/vulnerability-list/vendor_id-13372/product_id-27784/opxss-1/Alfresco-Alfresco.html"
},
{
"refsource": "MISC",
"name": "https://gist.github.com/paatui/a3c7ca8cf12594b437d3854f13d76cb8",
"url": "https://gist.github.com/paatui/a3c7ca8cf12594b437d3854f13d76cb8"
}
]
}

5
2020/1xxx/CVE-2020-1971.json
View File

@ -184,6 +184,11 @@
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
}

61
2020/20xxx/CVE-2020-20093.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-20093",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-20093",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Facebook Messenger app for iOS 227.0 and prior and Android 228.1.0.10.116 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/zadewg/RIUS",
"refsource": "MISC",
"name": "https://github.com/zadewg/RIUS"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/166448/RTLO-Injection-URI-Spoofing.html",
"url": "http://packetstormsecurity.com/files/166448/RTLO-Injection-URI-Spoofing.html"
}
]
}

61
2020/20xxx/CVE-2020-20094.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-20094",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-20094",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Instagram iOS 106.0 and prior and Android 107.0.0.11 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/zadewg/RIUS",
"refsource": "MISC",
"name": "https://github.com/zadewg/RIUS"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/166448/RTLO-Injection-URI-Spoofing.html",
"url": "http://packetstormsecurity.com/files/166448/RTLO-Injection-URI-Spoofing.html"
}
]
}

61
2020/20xxx/CVE-2020-20095.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-20095",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-20095",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "iMessage (Messages app) iOS 12.4 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/zadewg/RIUS",
"refsource": "MISC",
"name": "https://github.com/zadewg/RIUS"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/166448/RTLO-Injection-URI-Spoofing.html",
"url": "http://packetstormsecurity.com/files/166448/RTLO-Injection-URI-Spoofing.html"
}
]
}

61
2020/20xxx/CVE-2020-20096.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-20096",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-20096",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Whatsapp iOS 2.19.80 and prior and Android 2.19.222 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/zadewg/RIUS",
"refsource": "MISC",
"name": "https://github.com/zadewg/RIUS"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/166448/RTLO-Injection-URI-Spoofing.html",
"url": "http://packetstormsecurity.com/files/166448/RTLO-Injection-URI-Spoofing.html"
}
]
}

71
2020/21xxx/CVE-2020-21554.json
View File

@ -1,17 +1,76 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-21554",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-21554",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A File Deletion vulnerability exists in TinyShop 3.1.1 in the back_list parameter in controllers\\admin.php, which could let a malicious user delete any file such as install.lock to reinstall cms."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://tinyrise.com/",
"refsource": "MISC",
"name": "http://tinyrise.com/"
},
{
"url": "http://tinyrise.com/down.html",
"refsource": "MISC",
"name": "http://tinyrise.com/down.html"
},
{
"url": "https://imgur.com/dg1DM5T",
"refsource": "MISC",
"name": "https://imgur.com/dg1DM5T"
},
{
"url": "https://imgur.com/pA8OWxa",
"refsource": "MISC",
"name": "https://imgur.com/pA8OWxa"
}
]
}

5
2020/23xxx/CVE-2020-23226.json
View File

@ -56,6 +56,11 @@
"url": "https://github.com/Cacti/cacti/issues/3549",
"refsource": "MISC",
"name": "https://github.com/Cacti/cacti/issues/3549"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20220329 [SECURITY] [DLA 2965-1] cacti security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00038.html"
}
]
}

66
2020/24xxx/CVE-2020-24769.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-24769",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-24769",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the classes parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/burpheart/CVE/2020-08-13-01.md",
"refsource": "MISC",
"name": "https://github.com/burpheart/CVE/2020-08-13-01.md"
},
{
"refsource": "MISC",
"name": "https://nexusphp.org/2021/02/03/nexusphp-v1-6-0-beta2/",
"url": "https://nexusphp.org/2021/02/03/nexusphp-v1-6-0-beta2/"
},
{
"refsource": "MISC",
"name": "https://github.com/burpheart/CVE/blob/master/2020-08-13-01.md",
"url": "https://github.com/burpheart/CVE/blob/master/2020-08-13-01.md"
}
]
}

66
2020/24xxx/CVE-2020-24770.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-24770",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-24770",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SQL injection vulnerability in modrules.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/burpheart/CVE/2020-08-13-02.md",
"refsource": "MISC",
"name": "https://github.com/burpheart/CVE/2020-08-13-02.md"
},
{
"refsource": "MISC",
"name": "https://nexusphp.org/2021/02/03/nexusphp-v1-6-0-beta2/",
"url": "https://nexusphp.org/2021/02/03/nexusphp-v1-6-0-beta2/"
},
{
"refsource": "MISC",
"name": "https://github.com/burpheart/CVE/blob/master/2020-08-13-02.md",
"url": "https://github.com/burpheart/CVE/blob/master/2020-08-13-02.md"
}
]
}

61
2020/24xxx/CVE-2020-24771.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-24771",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-24771",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Incorrect access control in NexusPHP 1.5.beta5.20120707 allows unauthorized attackers to access published content."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/burpheart/CVE/blob/master/2020-08-13-03.md",
"refsource": "MISC",
"name": "https://github.com/burpheart/CVE/blob/master/2020-08-13-03.md"
},
{
"refsource": "MISC",
"name": "https://nexusphp.org/2021/02/03/nexusphp-v1-6-0-beta2/",
"url": "https://nexusphp.org/2021/02/03/nexusphp-v1-6-0-beta2/"
}
]
}

56
2020/24xxx/CVE-2020-24772.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-24772",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-24772",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Dreamacro Clash for Windows v0.11.4, an attacker could embed a malicious iframe in a website with a crafted URL that would launch the Clash Windows client and force it to open a remote SMB share. Windows will perform NTLM authentication when opening the SMB share and that request can be relayed (using a tool like responder) for code execution (or captured for hash cracking)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/Dreamacro/clash/issues/910",
"refsource": "MISC",
"name": "https://github.com/Dreamacro/clash/issues/910"
}
]
}

111
2020/25xxx/CVE-2020-25176.json
View File

@ -1,18 +1,117 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-25176",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Rockwell Automation ISaGRAF5 Runtime Relative Path Traversal"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ISaGRAF Runtime",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.x"
},
{
"version_affected": "=",
"version_value": "5.x"
}
]
}
}
]
},
"vendor_name": "Rockwell Automation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Kaspersky reported these vulnerabilities to Rockwell Automation."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Some commands used by the Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x eXchange Layer (IXL) protocol perform various file operations in the file system. Since the parameter pointing to the file name is not checked for reserved characters, it is possible for a remote, unauthenticated attacker to traverse an application\u2019s directory, which could lead to remote code execution."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-23 Relative Path Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01"
},
{
"name": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699",
"refsource": "CONFIRM",
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699"
},
{
"name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04",
"refsource": "CONFIRM",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04"
},
{
"name": "https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf",
"refsource": "CONFIRM",
"url": "https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Rockwell Automation recommends users update to ISaGRAF Runtime 5 Version 5.72.00. End users are encouraged to restrict or block access on TCP 1131 and TCP 1132 from outside the industrial control system. Confirm the least-privilege user principle is followed and user/service account access to Runtime's folder location is granted with a minimum amount of rights needed.\n\nRockwell Automation recommends users of affected versions evaluate the mitigations provided and apply the appropriate mitigations to deployed products. Users are encouraged to combine this guidance with the general security guidelines for a comprehensive defense-in-depth strategy.\n\nTo reduce risk, Rockwell Automation recommends users:\n Employ proper network segmentation and security controls.\n Minimize network exposure for all control system devices.\n Locate control systems behind firewalls.\n Isolate control systems from other networks when possible.\n Refer to the Converged Plantwide Ethernet (CPwE) Design and Implementation Guide for best practices deploying network segmentation and broader defense-in-depth strategies.\n Consider using proper network infrastructure controls, such as firewalls, UTM devices, VPN, or other security appliances.\n Ensure the least-privilege user principle is followed, and user/service account access to Runtime\u2019s folder location is granted with a minimum amount of rights, as needed.\n\nPlease see publications from Rockwell Automation and Schneider Electric, Xylem, or contact GE for further information about how to mitigate these vulnerabilities in additional affected products."
}
],
"source": {
"discovery": "EXTERNAL"
}
}

111
2020/25xxx/CVE-2020-25178.json
View File

@ -1,18 +1,117 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-25178",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Rockwell Automation ISaGRAF5 Runtime Cleartext Transmission of Sensitive Information"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ISaGRAF Runtime",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.x"
},
{
"version_affected": "=",
"version_value": "5.x"
}
]
}
}
]
},
"vendor_name": "Rockwell Automation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Kaspersky reported these vulnerabilities to Rockwell Automation."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "ISaGRAF Workbench communicates with Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x using TCP/IP. This communication protocol provides various file system operations, as well as the uploading of applications. Data is transferred over this protocol unencrypted, which could allow a remote unauthenticated attacker to upload, read, and delete files."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-319 Cleartext Transmission of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01"
},
{
"name": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699",
"refsource": "CONFIRM",
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699"
},
{
"name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04",
"refsource": "CONFIRM",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04"
},
{
"name": "https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf",
"refsource": "CONFIRM",
"url": "https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Rockwell Automation recommends users update to ISaGRAF Runtime 5 Version 5.72.00. End users are encouraged to restrict or block access on TCP 1131 and TCP 1132 from outside the industrial control system. Confirm the least-privilege user principle is followed and user/service account access to Runtime's folder location is granted with a minimum amount of rights needed.\n\nRockwell Automation recommends users of affected versions evaluate the mitigations provided and apply the appropriate mitigations to deployed products. Users are encouraged to combine this guidance with the general security guidelines for a comprehensive defense-in-depth strategy.\n\nTo reduce risk, Rockwell Automation recommends users:\n Employ proper network segmentation and security controls.\n Minimize network exposure for all control system devices.\n Locate control systems behind firewalls.\n Isolate control systems from other networks when possible.\n Refer to the Converged Plantwide Ethernet (CPwE) Design and Implementation Guide for best practices deploying network segmentation and broader defense-in-depth strategies.\n Consider using proper network infrastructure controls, such as firewalls, UTM devices, VPN, or other security appliances.\n Ensure the least-privilege user principle is followed, and user/service account access to Runtime\u2019s folder location is granted with a minimum amount of rights, as needed.\n\nPlease see publications from Rockwell Automation and Schneider Electric, Xylem, or contact GE for further information about how to mitigate these vulnerabilities in additional affected products."
}
],
"source": {
"discovery": "EXTERNAL"
}
}

111
2020/25xxx/CVE-2020-25180.json
View File

@ -1,18 +1,117 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-25180",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Rockwell Automation ISaGRAF5 Runtime Use of Hard-coded Cryptographic Key"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ISaGRAF Runtime",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.x"
},
{
"version_affected": "=",
"version_value": "5.x"
}
]
}
}
]
},
"vendor_name": "Rockwell Automation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Kaspersky reported these vulnerabilities to Rockwell Automation."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x includes the functionality of setting a password that is required to execute privileged commands. The password value passed to ISaGRAF Runtime is the result of encryption performed with a fixed key value using the tiny encryption algorithm (TEA) on an entered or saved password. A remote, unauthenticated attacker could pass their own encrypted password to the ISaGRAF 5 Runtime, which may result in information disclosure on the device."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-321 Use of Hard-coded Cryptographic Key"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01"
},
{
"name": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699",
"refsource": "CONFIRM",
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699"
},
{
"name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04",
"refsource": "CONFIRM",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04"
},
{
"name": "https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf",
"refsource": "CONFIRM",
"url": "https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Rockwell Automation recommends users update to ISaGRAF Runtime 5 Version 5.72.00. End users are encouraged to restrict or block access on TCP 1131 and TCP 1132 from outside the industrial control system. Confirm the least-privilege user principle is followed and user/service account access to Runtime's folder location is granted with a minimum amount of rights needed.\n\nRockwell Automation recommends users of affected versions evaluate the mitigations provided and apply the appropriate mitigations to deployed products. Users are encouraged to combine this guidance with the general security guidelines for a comprehensive defense-in-depth strategy.\n\nTo reduce risk, Rockwell Automation recommends users:\n Employ proper network segmentation and security controls.\n Minimize network exposure for all control system devices.\n Locate control systems behind firewalls.\n Isolate control systems from other networks when possible.\n Refer to the Converged Plantwide Ethernet (CPwE) Design and Implementation Guide for best practices deploying network segmentation and broader defense-in-depth strategies.\n Consider using proper network infrastructure controls, such as firewalls, UTM devices, VPN, or other security appliances.\n Ensure the least-privilege user principle is followed, and user/service account access to Runtime\u2019s folder location is granted with a minimum amount of rights, as needed.\n\nPlease see publications from Rockwell Automation and Schneider Electric, Xylem, or contact GE for further information about how to mitigate these vulnerabilities in additional affected products."
}
],
"source": {
"discovery": "EXTERNAL"
}
}

Some files were not shown because too many files have changed in this diff Show More